Course Title: Implement network security infrastructure for an organisation
Part B: Course Detail
Teaching Period: Term1 2023
Course Code: COSC6237
Course Title: Implement network security infrastructure for an organisation
Important Information:
Please note that this course may have compulsory in-person attendance requirements for some teaching activities.
To participate in any RMIT course in-person activities or assessment, you will need to comply with RMIT vaccination requirements which are applicable during the duration of the course. This RMIT requirement includes being vaccinated against COVID-19 or holding a valid medical exemption.
Please read this RMIT Enrolment Procedure as it has important information regarding COVID vaccination and your study at RMIT: https://policies.rmit.edu.au/document/view.php?id=209.
Please read the Student website for additional requirements of in-person attendance: https://www.rmit.edu.au/covid/coming-to-campus
Please check your Canvas course shell closer to when the course starts to see if this course requires mandatory in-person attendance. The delivery method of the course might have to change quickly in response to changes in the local state/national directive regarding in-person course attendance.
School: 520T Future Technologies
Campus: City Campus
Program: C4408 - Certificate IV in Cyber Security
Course Contact: Michael Barton
Course Contact Phone: +61 3 9925 4381
Course Contact Email: michael.barton2@rmit.edu.au
Name and Contact Details of All Other Relevant Staff
Nominal Hours: 80
Regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.
Pre-requisites and Co-requisites
NIL
Course Description
This unit provides a sound working knowledge of the key features which make up the network security for an organisation. The unit includes a detailed investigation of threats and mitigation techniques, network security architectures, introduction to firewall setup and configuration, intrusion prevention system (IPS) setup and operation as well as internetworking operating system (IOS) software features to harden routers and switches. The unit also investigates proxy server vulnerabilities, Wireless Lan (WLAN) security vulnerabilities and the application of Virtual Private Networks (VPN’s) and cryptography fundamentals.
National Codes, Titles, Elements and Performance Criteria
National Element Code & Title: |
VU21991 Implement network security infrastructure for an organisation |
Element: |
1.Examine modern network security threats and attacks |
Performance Criteria: |
1.1 Network security architectures is identified1.2 Select group of modern cyber security threats and attacks are examined in detail.1.3 Tools and procedures to mitigate the effects of malware and common network attacks are identified |
Element: |
2.Configure secure administrative access to network devices |
Performance Criteria: |
2.1 Network security architectures is described, demonstrated and implemented 2.2 Process of configuring secure administrative access to network devices is described and implemented 2.3 Process of allocation user command privileges for network devices is described, demonstrated and implemented 2.4 Secure management and network monitoring is implemented 2.5 Features to enable security on Internet Operating System (IOS) based routers are implemented 2.6 Purpose of Authentication, Authorization and Accounting (AAA) procedures to access to network devices are described 2.7 AAA authentication from a local server is implemented |
Element: |
3.Implement firewall technologies |
Performance Criteria: |
3.1 Operation of access lists (ACL's) is described and implemented 3.2 Function and operation of a firewall to mitigate network attacks is described and implemented 3.3 Zone based policy firewall is demonstrated and implemented 3.4 Tools to implement packet filtering are demonstrated and implemented 3.5 Operation of inspection rules are described and demonstrated |
Element: |
4.Investigate new firewall technologies |
Performance Criteria: |
4.1 Higher level packet inspection is performed 4.2 Holistic approaches to traffic inspection are investigated 4.3 Concept of dynamic updates for defending against new cyber-attacks are examined 4.4 New firewall technology operation is demonstrated |
Element: |
5.Implement Intrusion prevention systems (IPS) |
Performance Criteria: |
5.1 Securing a network with network based Intrusion Prevention System (NIPS) is examined 5.2 Detecting malicious traffic using signatures is demonstrated 5.6 Intrusion Prevention System (IPS) using an Internetworking Operating System (IOS) is defined and implemented |
Element: |
6.Examine proxy server security issues |
Performance Criteria: |
6.1 Function and operation of a proxy server is summarized 6.2 Proxy server vulnerabilities are identified 6.3 Mitigation strategies for proxy server vulnerabilities are defined and demonstrated |
Element: |
7.Examine proxy server security issues |
Performance Criteria: |
7.1 Operation of WLANs as a communication media is summarized 7.2 Overview of the 802.11 WLAN standards is explained 7.3 Relationship between the Data Layer and the Physical layers for WLANS is defined 7.4 WLAN architecture of a typical system is defined and demonstrated 7.5 Authentication and Association methods for wireless clients are described and demonstrated 7.6 Strengths and weaknesses of WLAN encryption techniques are investigated 7.7 Current tools to discover and interrogate WLANS are demonstrated and utilised 7.8 WLAN security checklist is developed 7.9 802.1x security authentication standards for WLANS (and wired devices) are summarized |
Element: |
8.Demonstrate the fundamental operation of Cryptographic systems |
Performance Criteria: |
8.1 Overview of cryptography is provided 8.2 Process of working with symmetric & asymmetric algorithms is defined 8.3 Function and operation of encryption, hashes and digital signatures to secure a network is summarized 8.4 Data integrity and authentication utilizing encryption algorithms are defined 8.5 Data confidentiality utilizing encryption algorithms are summarized 8.6 Process of public key encryption to ensure data confidentiality is demonstrated 8.7 Cryptography standards and protocols are summarized 8.8 Common use of protocols that utilize cryptography are demonstrated |
Element: |
9.Define and demonstrate the fundamentals of Virtual Private Networks (VPN's) |
Performance Criteria: |
9.1 Advantages and operation of Virtual Private Networks (VPN's) are explained 9.2 Operation of Internet Protocol Security (IPSec) VPN's is summarized 9.3 Operation of tunneling is described and demonstrated 9.4 Site to site IPSec VPN with pre shared key authentication is demonstrated |
Learning Outcomes
Refer to Elements
Details of Learning Activities
This course is a cluster of two units combined, COSC6237 (VU21991) Implement network security infrastructure for an organisation & COSC7379C (ICTNWK509) Design and implement a security perimeter for ICT networks and both courses must be taken together
Evidence should show competency working in a realistic environment and a variety of conditions. The candidate will have access to all tools, equipment, materials and documentation required. The candidate will be permitted to refer to any relevant workplace procedures, product and manufacturing specifications, codes, standards, manuals and reference materials. This unit may be assessed on the job, off the job or a combination of both. Where assessment occurs off the job, then an appropriate simulation must be used where the range of conditions reflects realistic workplace situations. The competencies covered by this unit would be demonstrated by an individual working alone or as part of a team. The assessment environment should not disadvantage the candidate. Evidence can be gathered in a combination of ways including: - observation of processes and procedures - oral and/or written questioning on required knowledge and skills - testimony from supervisors, colleagues, clients and/or other appropriate persons - inspection of the final product or outcome - portfolio of documented evidence. Where performance is not directly observed and/or is required to be demonstrated over a period of time and/or in a number of locations, any evidence should be authenticated by colleagues, supervisors, clients or other appropriate persons.Teaching Schedule
Week Number | Topics | Assessment Tasks |
1 | Modern Network Security Threats | |
2 | Securing Network Devices | |
3 | FHRP Concepts | |
4 | Authentication, Authorization, and Accounting | Lab Check in |
5 | Managing a Secure Network | Theory exam Released Due week 16 |
6 | Proxy Servers | Practical Assessment 1 Released Due Week 15 |
7 | WLAN | |
8 | Point to Point Connections | Lab Check in |
9 | Implementing Firewall Technologies | |
10 | Implementing Intrusion Prevention | |
11 | Securing the Local Area Network | |
12 | Cryptographic Systems | Lab Check in |
13 | Implementing Virtual Private Networks | Final Practical Exam Released Due week 16 |
14 | Implementing the Cisco Adaptive Security Appliance | |
15 | Network Troubleshooting | Lab Check in. |
16 | Assessment Week | Final Week all assessment due by end of the week. |
Learning Resources
Prescribed Texts
References
Other Resources
Students are Suggestd to have a windows based computer with at least 16 gig of ram and an i5 processor or better. or have access to an intel baased apple computer.
Students will have access to cisco courses at netacad.com
Students are advised to have a 500 gigabyte ssd hard drive to store virtual machines on for use with virtualbox and vmware
Overview of Assessment
Assessment 1: Knowledge Assessment
Assessment 2: Identify network security threats
Assessment 3: Design and implement security perimeter architecture
These tasks assesses the following Course Learning Outcomes (CLOs):
Assessment Mapping Matrix
Elements/Performance Criteria |
Assessment 1 |
Assessment 2 |
Assessment 3 |
1.1 |
|
X |
|
1.2 |
|
X |
|
1.3 |
|
X |
|
2.1 |
|
X |
X |
2.2 |
|
X |
X |
2.3 |
|
|
X |
2.4 |
|
|
X |
2.5 |
|
|
X |
2.6 |
|
|
X |
2.7 |
|
|
X |
3.1 |
|
|
X |
3.2 |
|
|
X |
3.3 |
|
|
X |
3.4 |
|
|
X |
3.5 |
|
|
X |
4.1 |
|
|
X |
4.2 |
|
|
X |
4.3 |
|
|
X |
4.4 |
|
|
X |
5.1 |
|
|
X |
5.2 |
|
|
X |
5.3 |
|
|
X |
6.1 |
X |
X |
|
6.2 |
X |
X |
|
6.3 |
|
X |
|
7.1 |
X |
|
|
7.2 |
X |
|
|
7.3 |
X |
|
|
7.4 |
|
X |
|
7.5 |
|
X |
|
7.6 |
X |
X |
|
7.7 |
X |
X |
|
7.8 |
|
X |
|
7.9 |
X |
|
|
8.1 |
X |
|
|
8.2 |
X |
|
|
8.3 |
X |
|
|
8.4 |
X |
|
|
8.5 |
X |
|
|
8.6 |
|
|
X |
8.7 |
X |
|
|
8.8 |
|
|
X |
9.1 |
X |
|
|
9.2 |
X |
|
X |
9.3 |
|
|
X |
9.4 |
|
|
X |
Assessment Tasks
Assessment 1: Knowledge Assessment
Assessment 2: Identify network security threats
Assessment 3: Design and implement security perimeter architecture
Assessment Matrix
Other Information
Credit Transfer and/or Recognition of Prior Learning (RPL):
You may be eligible for credit towards courses in your program if you have already met the learning/competency outcomes through previous learning and/or industry experience. To be eligible for credit towards a course, you must demonstrate that you have already completed learning and/or gained industry experience that is:
- Relevant
- Current
- Satisfies the learning/competency outcomes of the course
Please refer to http://www.rmit.edu.au/students/enrolment/credit to find more information about credit transfer and RPL
Study and learning Support:
Study and Learning Centre (SLC) provides free learning and academic development advice to you.
Services offered by SLC to support your numeracy and literacy skills are:
- assignment writing, thesis writing and study skills advice
- maths and science developmental support and advice
- English language development
Please Refer http://www.rmit.edu.au/studyandlearningcentre to find more information about Study and learning Support
Equitable Learning Services (ELS):
If you are suffering from long-term medical condition or disability, you should contact Equitable Learning Services (ELS) to seek advice and support to complete your studies.
Please refer to https://www.rmit.edu.au/students/support-and-facilities/student-support/equitable-learning-services to find more information about services offered by Equitable Learning Services (ELS).
Late submission:
If you require an Extension of Submittable Work (assignments, reports or project work etc.) for 7 calendar days or less (from the original due date) and have valid reasons, you must complete and lodge an Application for Extension of Submittable Work (7 Calendar Days or less) form and lodge it with the Senior Educator/ Program Manager.
The application must be lodged no later than one working day before the official due date. You will be notified within no more than 2 working days of the date of lodgment as to whether the extension has been granted.
If you seek an Extension of Submittable Work for more than 7 calendar days (from the original due date) must lodge an Application for Special Consideration form under the provisions of the Special Consideration Policy, preferably prior to, but no later than 2 working days after the official due date.
Submittable Work (assignments, reports or project work etc.) submitted late without approval of an extension will not be accepted or assessed.
Special consideration:
Please Refer http://www.rmit.edu.au/students/specialconsideration to find more information about special consideration
Plagiarism:
Plagiarism is a form of cheating and it is very serious academic offence that may lead to expulsion from the University.
Please Refer: www.rmit.edu.au/academicintegrity to find more information about plagiarism.
Other Information:
All email communications will be sent to your RMIT email address and you must regularly check your RMIT emails.
Course Overview: Access Course Overview